The Cisco NAC environment is a multipartner program designed to limit
damage caused by viruses and worms. In order to control network access, NAC
monitors network devices to ensure they comply with network security policies.
Cisco Secure Services Client and the CTA are core components of the NAC
environment. Every device that seeks network access contacts a network access
device (router, switch, VPN concentrator, or firewall). These devices demand
endpoint security credentials through Cisco Secure Services Client and CTA.
This information is relayed to policy servers in order to allow or deny
admission to the network.

Note: CTA must be installed on all hosts that require validation for
network access.

CTA allows the NAC application to determine if the necessary partner
software products, such as antivirus software, are installed and current. CTA
also determines current operating system and patch levels.

The key features and benefits of CTA include:

- Small non-intrusive agent that acts as a middleware component and
  securely communicates host policy information to the authentication,
  authorization, and accounting (AAA) policy server through an 802.1X supplicant
  such as Cisco Secure Services Client. CTA can communicate the Cisco security,
  operating system, and patch versions, as well as the version of any partner
  software.

- Interacts directly with NAC-enabled applications that run on the
  host without user intervention. CTA communicates with NAC-enabled applications
  through communication channels integrated by the NAC partners within their
  applications.

To set up a NAC environment with Cisco Secure Services Client and CTA,
complete these steps:

Use Extensible Authentication Protocol-Flexible Authentication via
Secure Tunneling (EAP-FAST) in order to configure Cisco Secure Services Client
to authenticate to the network. Without posture validation, users are placed in
a quarantined VLAN.